Here are recursive addslashes / stripslashes functions.given a string - it will simply add / strip slashesgiven an array - it will recursively add / strip slashes from the array and all of it subarrays. if the value is not a string or array - it will remain unmodified!

It should be of note that if you are stripping slashes to get rid of the slashes added by magic_quotes_gpc then it will also remove slashes from \. This may not seem that bad but if you have someone enter text such as 'testing\' with a slash at the end, this will cause an error if not corrected. It's best to strip the slashes, then add a slash to every single slash using $text = str_replace('\\', '\\\\', $text);

// I'm using mysql_escape_string as a simple example, but this function would work for any escaped string.$query = "It's amaizing! Who's to say this isn't a simple function?";$badstring = mysql_escape_string($query);

1) we do not need to do anything, if the magic_quotes_gpc is disabled (cases 1 and 4);2) stripslashes($_POST['example']) only works, if the magic_quotes_gpc is enabled, but the magic_quotes_sybase is disabled (case 2);3) str_replace("''", "'", $_POST['example']) will do the trick if both the magic_quotes_gpc and the magic_quotes_sybase are enabled (case 3);

if (TRUE == empty($mqs) || 'off' == $mqs) {// we need to do stripslashes on $_GET, $_POST and $_COOKIE} else {// we need to do str_replace("''", "'", ...) on $_GET, $_POST, $_COOKIE} }// otherwise we do not need to do anything}?>

* TRUE will become a string "1",* FALSE will become an empty string,* integers and floats will become strings,* NULL will become an empty string.

On the other hand you only need to process strings, so use the is_string function to check;

3) when dealing with other (than GPC) data sources, such as databases or text files, remember to play with the magic_quotes_runtime setting as well, see, what happens and write a corresponding function, i.e. disable_magic_quotes_runtime() or something.

4) VERY IMPORTANT: when testing, remember the null character. Otherwise your tests will be inconclusive and you may end up with... well, serious bugs :)

When matching strings with approstrophes against the mysql database, my query kept failing while it worked fine when I copied the same query directly to perform the database query. After several hours I found that stripslashes() made the string longer and hence it wasn't "equal" for the query.

This code shows the behavior (copy into "test.php"). Replacing stripslashes worked for me.

Might I warn readers that they should be vary careful with the use of stripslashes on Japanese text. The shift_jis character set includes a number of two-byte code charcters that contain the hex-value 0x5c (backslash) which will get stripped by this function thus garbling those characters.

Note that the variable '$strip_slashes_deep' has to be passed to the closure by reference. I think that this is because at the time the closure is created the variable '$strip_slashes_deep' doesn't exist: the closure itself becomes the value of the variable. Passing by reference solves this issue. This closure could easily be adapted to use other methods of stripping slashes such as preg_replace().